98a6a0c9115133f11e152b8240ae8367cca0d3c2e81c75caffc7a8ee8ca73c2c

Analysis

max time kernel
234s
max time network
277s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 15:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testx2-main/ads (15).exe
Size

362KB
MD5

b16954807827ccfa1e4738fce1089b62
SHA1

b2f6607d68e4d197892c515b16b3f61252304120
SHA256

2f8c68901f8df6f67796a8a892dd517c2011b93f271da04ed55448e9686ad984
SHA512

48726f50886b81a08317a0db0171ae3264880d43514086766e3f9a354b59101cf0755f8d815ad6979eab8c7fcc62969ff977ed9d780f30323f6143697869c0ed
SSDEEP

6144:eluUm0Yxw8f9ZzJ83K1woh8iMFJrCK1vHkk:eIUmXw29EYwoip

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1748	xmrigMiner.exe
Token: SeLockMemoryPrivilege	1748	xmrigMiner.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1748	xmrigMiner.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 4060	5024	ads (15).exe	90
PID 5024 wrote to memory of 4060	5024	ads (15).exe	90
PID 4060 wrote to memory of 1748	4060	cmd.exe	91
PID 4060 wrote to memory of 1748	4060	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\testx2-main\ads (15).exe
"C:\Users\Admin\AppData\Local\Temp\testx2-main\ads (15).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe" --daemonized
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe
    C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe --daemonized
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4232,i,18261153038209191383,10347744459236715365,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8
1⤵
PID:4900

Network

DNS

sg-zephyr.miningocean.org

xmrigMiner.exe

Remote address:

8.8.8.8:53

Request

sg-zephyr.miningocean.org

IN A

Response

sg-zephyr.miningocean.org

IN A

51.79.157.201
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

201.157.79.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.157.79.51.in-addr.arpa

IN PTR

Response

201.157.79.51.in-addr.arpa

IN PTR

vps-eaaaf6bfvpsovhca
DNS

23.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.181.190.20.in-addr.arpa

IN PTR

Response
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

192.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.142.123.92.in-addr.arpa

IN PTR

Response

192.142.123.92.in-addr.arpa

IN PTR

a92-123-142-192deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

51.79.157.201:5332

sg-zephyr.miningocean.org

xmrigMiner.exe

2.0kB
5.4kB
17
16

8.8.8.8:53

sg-zephyr.miningocean.org

dns

xmrigMiner.exe

71 B
87 B
1
1

DNS Request

sg-zephyr.miningocean.org

DNS Response

51.79.157.201
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

201.157.79.51.in-addr.arpa

dns

72 B
109 B
1
1

DNS Request

201.157.79.51.in-addr.arpa
8.8.8.8:53

23.181.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.181.190.20.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

192.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

192.142.123.92.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-0-0x0000023A18BD0000-0x0000023A18BF0000-memory.dmp

Filesize
128KB

Download
memory/1748-1-0x0000023A18C20000-0x0000023A18C40000-memory.dmp

Filesize
128KB

Download
memory/1748-4-0x0000023A18C40000-0x0000023A18C60000-memory.dmp

Filesize
128KB

Download
memory/1748-6-0x0000023A18CD0000-0x0000023A18CF0000-memory.dmp

Filesize
128KB

Download
memory/1748-5-0x0000023A18CA0000-0x0000023A18CC0000-memory.dmp

Filesize
128KB

Download
memory/1748-3-0x0000023A18C60000-0x0000023A18C80000-memory.dmp

Filesize
128KB

Download
memory/1748-2-0x0000023A18C80000-0x0000023A18CA0000-memory.dmp

Filesize
128KB

Download
memory/1748-9-0x0000023A18D30000-0x0000023A18D50000-memory.dmp

Filesize
128KB

Download
memory/1748-10-0x0000023A18D50000-0x0000023A18D70000-memory.dmp

Filesize
128KB

Download
memory/1748-8-0x0000023A18D10000-0x0000023A18D30000-memory.dmp

Filesize
128KB

Download
memory/1748-7-0x0000023A18CF0000-0x0000023A18D10000-memory.dmp

Filesize
128KB

Download
memory/1748-13-0x0000023A18C40000-0x0000023A18C60000-memory.dmp

Filesize
128KB

Download
memory/1748-12-0x0000023A18C60000-0x0000023A18C80000-memory.dmp

Filesize
128KB

Download
memory/1748-11-0x0000023A18C80000-0x0000023A18CA0000-memory.dmp

Filesize
128KB

Download
memory/1748-18-0x0000023A18D30000-0x0000023A18D50000-memory.dmp

Filesize
128KB

Download
memory/1748-17-0x0000023A18D10000-0x0000023A18D30000-memory.dmp

Filesize
128KB

Download
memory/1748-16-0x0000023A18CF0000-0x0000023A18D10000-memory.dmp

Filesize
128KB

Download
memory/1748-15-0x0000023A18CD0000-0x0000023A18CF0000-memory.dmp

Filesize
128KB

Download
memory/1748-14-0x0000023A18CA0000-0x0000023A18CC0000-memory.dmp

Filesize
128KB

Download
memory/1748-19-0x0000023A18D50000-0x0000023A18D70000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.